A firewall is a device, or a piece of software running on a device, used to permit or deny network transmissions based upon a set of rules. A firewall may be used to protect a network from unauthorized access while permitting legitimate communications to pass. A firewall may have an outward side facing a global network, such as the Internet. The opposite side of the firewall may be a private network which is protected by the firewall. The private network may include any number of host machines (e.g., computers) each addressable by its own IP address. The physical construction of the network may be such that all data packets intended for one of the IP addresses behind the firewall pass through the firewall. Using the firewall rules, which may be set by a network administrator or other user, the firewall may determine whether to allow or deny certain data packets and/or determine where to route particular data packets based on the IP addresses to which the packets are directed. The determination of where to route data packets may be done using the IP addresses of the host machines in the private network.
Depending on the addressing scheme used by the network, the IP addresses of the host machines may be static or dynamic. Static IP addresses do not change over time, and thus, once they are set in the firewall rules, there is no need to update them. The Internet Protocol version Four (IPv4) addressing system commonly uses static addressing, while IPv6 may use dynamic addressing. Dynamic IP addresses may change over time, and thus there is a need to update the firewall rules as changes occur. Manually updating the firewall rules can be a long and expensive undertaking, particularly if the number of host machines in the network is large. In addition, if the update is not performed soon after the change, the possibility exists that data packets intended for one host machine at a certain IP address, which has now been assigned to a different host machine, may be routed to the incorrect destination. Conventional firewalls are configured using only IP addresses, and thus there is no way to verify that an IP address is still associated with the intended host machine.
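The stale-rule condition described above can be checked by comparing each rule's destination address against the network's current address assignments. The following is an added example, not part of the original text; the `intended_host` field, the rule names, and the sample addresses (documentation prefix 2001:db8::/32) are constructed assumptions, since a conventional firewall stores only the IP address.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    name: str
    action: str         # "allow" or "deny"
    dest_ip: str        # address exactly as written in the rule
    intended_host: str  # assumption: the host the administrator meant

# Constructed sample rules; note the differing IPv6 spellings.
RULES = [
    Rule("web-in", "allow", "2001:db8::10", "web01"),
    Rule("db-in", "allow", "2001:DB8:0:0:0:0:0:20", "db01"),
    Rule("backup-in", "allow", "2001:db8::30", "backup01"),
]
# Constructed current assignments, e.g. exported from a lease table.
ASSIGNMENTS = {
    "2001:db8::10": "web01",
    "2001:db8::20": "kiosk07",  # address formerly held by db01
    "2001:db8::21": "db01",     # db01's new address
}

def _norm(addr):
    # Parse to an address object so textual variants compare equal.
    return ipaddress.ip_address(addr)

def audit_rules(rules, assignments):
    """Return (rule name, status, intended host's current addresses)."""
    by_ip = {_norm(ip): host for ip, host in assignments.items()}
    by_host = {}
    for ip, host in by_ip.items():
        by_host.setdefault(host, []).append(str(ip))
    findings = []
    for r in rules:
        holder = by_ip.get(_norm(r.dest_ip))
        current = sorted(by_host.get(r.intended_host, []))
        if holder == r.intended_host:
            status = "ok"
        elif holder is None:
            status = "unassigned"            # nobody holds the address now
        else:
            status = "reassigned:" + holder  # traffic would reach another host
        findings.append((r.name, status, current))
    return findings

if __name__ == "__main__":
    for finding in audit_rules(RULES, ASSIGNMENTS):
        print(finding)
```

A `reassigned` finding is the misrouting case: the rule still matches, but the address now belongs to a different machine, and the third field shows where the intended host currently lives.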